From 3c77576d080199724fa04605dc7c5009d409ce60 Mon Sep 17 00:00:00 2001 From: Sonu Kumar Singh Date: Sat, 16 Dec 2023 13:31:34 +0530 Subject: [PATCH] restrict permission for github token --- .github/workflows/hide-minikube-bot-comments.yml | 3 +++ .github/workflows/winget.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/hide-minikube-bot-comments.yml b/.github/workflows/hide-minikube-bot-comments.yml index acd1d92f471f..63a072f02fc5 100644 --- a/.github/workflows/hide-minikube-bot-comments.yml +++ b/.github/workflows/hide-minikube-bot-comments.yml @@ -1,5 +1,8 @@ name: hide-minikube-bot-comments on: issue_comment +permissions: + contents: read + jobs: hide-comments: if: ${{ github.event.issue.pull_request }} diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml index 124ec8287404..d07cb538bd8d 100644 --- a/.github/workflows/winget.yml +++ b/.github/workflows/winget.yml @@ -2,6 +2,9 @@ name: Publish to WinGet on: release: types: [released] +permissions: + contents: read + jobs: publish: runs-on: windows-latest # action can only be run on windows